Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Password protecting a directory and all of it's subfolders using .htaccess

Tags:

password-protection

.htaccess

I am trying to password protect a subdomain and all of it's subdirectories and files, but my knowledge on the matter is very limited, how can I go about doing that?

like image 373
Odyss3us Avatar asked Mar 08 '11 07:03

Odyss3us

People also ask

How do I password protect folders and contents?

Use encryption to password protect a folder or a file Navigate to the folder or file you want to encrypt. Right-click on the item, click Properties, then click Advanced. Check Encrypt contents to secure data. Click OK, then click Apply.

Is htaccess password secure?

If your webserver is completly in HTTPS no problem (see edit on the bottom), the clear text/password are encrypted by SSL. and: On the Windows and MPE platforms, passwords encrypted with htpasswd are limited to no more than 255 characters in length.

2 Answers

It's a simple two step process

In your .htaccess put

AuthType Basic AuthName "restricted area" AuthUserFile /path/to/the/directory/you/are/protecting/.htpasswd require valid-user

use http://www.htaccesstools.com/htpasswd-generator/ or command line to generate password and put it in the .htpasswd

Note 1: If you are using cPanel you should configure in the security section "Password Protect Directories"

EDIT: If this didn't work then propably you need to do a AllowOverride All to the directory of the .htaccess (or atleast to previous ones) in http.conf followed by a apache restart

<Directory /path/to/the/directory/of/htaccess>       Options Indexes FollowSymLinks MultiViews       AllowOverride All </Directory>
like image 88
Mahesh Avatar answered Sep 30 '22 13:09

Mahesh

To password protect a directory served by Apache, you need a .htaccess file in the directory you want to protect and a .htpasswd file that can be anywhere on your system that the Apache user can access (but put it somewhere sensible and private). You most likely do not want to put .htpasswd in the same folder as .htaccess.

The .htaccess file may already exist. If not, create it. Then insert:

AuthType Basic AuthName "Your authorization required message." AuthUserFile /path/to/.htpasswd require valid-user

Then create a .htpasswd file using whatever username and password you want. The password should be encrypted. If you are on a Linux server, you can use the htpasswd command which will encrypt the password for you. Here is how that command can be used for this:

htpasswd -b /path/to/password/file username password

like image 34
Reflexorozy Avatar answered Sep 30 '22 14:09

Reflexorozy
Sign in to Comment

Related questions

How can I mod_rewrite and keep query strings?
mod_rewrite: remove query string from URL?
How to use .htaccess in WAMP Server?
.htaccess Rewrite to Force Trailing Slash at the end
How to avoid Request Entity Too Large 413 error
How to redirect only when exact url matches?
Apache mod_rewrite: force www only if not in localhost
htaccess leverage browser caching for images and css
.htaccess file not being read ("Options -Indexes" in .htaccess file not working)
Include another htaccess file from .htaccess
What is the htaccess Options -Indexes for?
.htaccess: RewriteEngine not allowed here
.htaccess deny access to all except to one file
How to send compressed (deflated) SVG via Apache2?
"OR" Flag in .htaccess mod_rewrite
htaccess access to file by ip range
How do you redirect all request to public/ folder in laravel 5
.htaccess: where is located when not in www base dir
How to Block an IP address range using the .htaccess file
PHP: How can I block direct URL access to a file, but still allow it to be downloaded by logged in users?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!